Steganography

Date: 2023-10-25

Difficulty: Beginner

Delivered By: Will Pearman

Overview

Steganography is the art of hiding information in plain sight. When applied to cyber security, it often refers to concealing data (with a special meaning) within other data - such as a hidden message inside a file. A recent, but growing, trend involves using steganography as part of a wider attack, such as to hide shellcode:

image

When applied to CTFs, the use of steganography can make the process of locating a flag much trickier and more puzzling. Instead of the flag being available in the open, it could be concealed in an otherwise mundane file!

In this session, we will explore the basics of steganography including what it is, how it came about, common tools used and how they are applied to data hidden in:

  • Text
  • Images
  • Audio
  • Network Traffic
  • Files

There is also an opportunity to make your own challenge and compete against others to win a flag worth double points. We will not be discussing mathematical approaches to steganography as seen in research and literature; that is above the scope of what we will look at. If you wish to explore these techniques, you're encouraged to do so when you make your own challenge.

Prerequesites

To take part in this session, you will need to bring a laptop or share with someone else. These following tools will be very helpful!

SSTV Receivers & Transmitters

You may want to use a Linux VM if you are on Windows, but this isn't required.

Furthermore, knowledge of the following would be ideal as a starting point:

Session Link

The challenges can be accessed at: https://stego.sucss.org.

Brute forcing passwords using tools such as Hydra is not allowed.